When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIR
I have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?
thanks
--
Posted via http://www.ruby-forum.com/.
Zhao Yi wrote:
When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIRI have checked the SOMEDIR and its permission mode is 777.
Which means it's world-writable, as the warning says. In octal:
7 7 7
111 111 111
rwx rwx rwx (user, group, world)
The warning comes from path_check_0 in file.c, which in turn is called
from rb_path_check, which checks each of the directories in your PATH.
It's basically saying: when you do system("foo"), one of your PATH
directories is world writable, so any random user on your system could
have installed their own "foo" executable which does whatever they like
(e.g. changing your password, or mailing your pr0n collection to your
girlfriend 
How can I avoid this?
man chmod
--
Posted via http://www.ruby-forum.com/\.
Zhao Yi wrote:
When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIRI have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?thanks
World read, write and execute is a bad thing if you're on a shared
server with other users. Any good system will error and prevent it
from running, instead of blindling running it. Else you risk issues
where another user on the system can write to your files/directories,
destroy, modify or delete your valuable data, as well as open
exploitable potentials. If this is your own server and you don't share
it with any other users (or other users you can't trust), then you can
remove that check if you wish. Still, even when running with a lower
privileged user instead of your own for better protection (if you run
insecure scripts or you aren't able to ensure they are secure), it
still shouldn't need world write/execute.
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting. 24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
Zhao Yi wrote:
When my ruby runs an external program, it will get this warning:
warning: Insecure world writable dir SOMEDIRI have checked the SOMEDIR and its permission mode is 777. Does anyone
know this warning? How can I avoid this?thanks
I understand that you want this directory to be world-writable, so this is probably not much use for your current situation, but handy to know nonetheless. You may want to configure a group, see /etc/groups, man groups, or man chgrp instead of having it be world-writable.
With that aside, there are two ways to modify the permissions for files and directories. In essence, it's by name or by number. Using the names is better when beginning. See man chmod for more details.
Basically, you can use the syntax 'chmod <which_access_level><+ or -><which_access_type>'.
<which_access_level> would be one of the following {a,u,g,o} where a is all (user group and other), u is user, g is group, and o is other (typically everyone else).
<+ or -> is a boolean true or false for turning on or off the permission.
<which_access_type> would be {r,w,x} where r is read, w is write, and x is execute.
So for example, if you wanted to remove the read ability for everyone except the user and group, you would use:
chmod o-r test-file.txt
You can group them as well, so the following is valid for adding write ability for the user and group:
chmod ug+r test-file.txt
The a for access level is a shortcut for all three. So to remove all types ability to execute a file:
chmod a-x test-file.txt
Also, you will probably want to check into man chown for how to change the user attribute for a specific file or set.
Hope that helps.
Best regards,
Ryan Masters
End Point Corp.
ryan@endpoint.com
Brian Candler wrote:
Which means it's world-writable, as the warning says. In octal:
7 7 7
111 111 111
rwx rwx rwx (user, group, world)man chmod
why does ruby check its permission? I do want this path writable. how
can I disable this warning?
--
Posted via http://www.ruby-forum.com/\.
Zhao Yi wrote:
why does ruby check its permission?
Because not heeding this warning is approximately the same as posting
your password in clear text to all users on the system.
Even if you have no other users on your system, if someone happens to
break in (e.g. through your web server or mail server), and gets a shell
running as any daemon user, they can exploit this hole to run any script
as *your* userid.
I do want this path writable. how
can I disable this warning?
I already pointed you at file.c. You will find a #if check in there,
which lets you recompile ruby with this check disabled.
I'm not going to hint further. If you are smart enough to understand
fully the consequences of disabling this check, then you a smart enough
to read the configure script and recompile ruby with this check
disabled.
--
Posted via http://www.ruby-forum.com/\.
Brian Candler wrote:
>
> Which means it's world-writable, as the warning says. In octal:
>
> 7 7 7
> 111 111 111
> rwx rwx rwx (user, group, world)
>
> man chmodwhy does ruby check its permission?
Why not? Ruby is letting you know that something bad can happen.
I do want this path writable. how can I disable this warning?
ruby -W0 /path/to/your_script
-drd
On Tue 6.Jan'09 at 18:14:05 +0900, Zhao Yi wrote: